Secure Computing · Ciphertrust Ironmail · CVE-2007-1723
Name of the Vulnerable Software and Affected Versions:
Secure Computing CipherTrust IronMail version 6.1.1
Description:
The administration console in Secure Computing CipherTrust IronMail contains multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various parameters to different API endpoints, including:
"admin/systemIronMail.do" with parameters such as `network`, `defRouterIp`, `hostName`, `domainName`, `ipAddress`, `defaultRouter`, `dns1`, or `dns2`;
"admin/systemOutOfBand.do" with the `ipAddress` parameter;
"admin/systemBackup.do" with the `password` or `confirmPassword` parameter;
"admin/systemLicenseManager.do" with the `Klicense` parameter;
"admin/systemWebAdminConfig.do" with the `rows[1].attrValueStr` or `rows[2].attrValueStr` parameter;
"admin/ldapConfigureServiceProperties.do" with the `rows[0].attrValueStr`, `rows[1].attrValueStr`, `rows[2].attrValue`, or `rows[2].attrValueStrClone` parameter;
"admin/mailFirewallMailRoutingInternal.do" with the `input1` parameter;
"admin/mailIdsConfig.do" with the `rows[2].attrValueStr`, `rows[3].attrValueStr`, `rows[5].attrValueStr`, or `rows[6].attrValueStr` parameter.
Recommendations:
As a temporary workaround, consider disabling access to the administration console until a patch is available.
Restrict the input accepted for the affected parameters (`network`, `defRouterIp`, `hostName`, `domainName`, `ipAddress`, `defaultRouter`, `dns1`, `dns2`, `password`, `confirmPassword`, `Klicense`, `input1`, `rows[0].attrValueStr`, `rows[1].attrValueStr`, `rows[2].attrValueStr`, `rows[2].attrValue`, `rows[2].attrValueStrClone`, `rows[3].attrValueStr`, `rows[5].attrValueStr`, and `rows[6].attrValueStr`; several of these names recur across endpoints) and HTML-encode their values wherever the console reflects them, to minimize the risk of exploitation.
Avoid using the vulnerable API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
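The following is an added example, not code from the advisory or from the IronMail product, showing how the "restrict input" recommendation above can be applied to the listed endpoints and parameters: allowlist validation for the address and hostname fields, HTML encoding for anything reflected, and a check that flags requests in the console's access log whose parameters fail either rule. The endpoint paths are taken from the advisory with the spaces introduced by extraction removed; the value type assigned to each parameter and the sample request targets are this example's assumptions.

```python
import html
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoints named in the advisory. Value types per parameter are this example's
# assumption, inferred from the parameter names; the advisory does not state them.
ADVISORY_ENDPOINTS = {
    "/admin/systemIronMail.do", "/admin/systemOutOfBand.do", "/admin/systemBackup.do",
    "/admin/systemLicenseManager.do", "/admin/systemWebAdminConfig.do", "/admin/mailIdsConfig.do",
    "/admin/ldapConfigureServiceProperties.do", "/admin/mailFirewallMailRoutingInternal.do"}
IP_PARAMS = {"defRouterIp", "ipAddress", "defaultRouter", "dns1", "dns2"}
HOSTNAME_PARAMS = {"hostName", "domainName"}
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
                         r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

def validate_param(name, value):
    """Allowlist check: True when the value fits the type the parameter should carry."""
    try:
        if name in IP_PARAMS:
            ipaddress.ip_address(value)
        elif name == "network":  # assumed to carry an address or a CIDR block
            ipaddress.ip_network(value, strict=False)
        elif name in HOSTNAME_PARAMS:
            return HOSTNAME_RE.match(value) is not None
        # Free-form fields (password, Klicense, rows[n].attrValueStr, input1) have no
        # syntactic allowlist; they must be output-encoded whenever they are reflected.
        return True
    except ValueError:
        return False

def render_reflected(value):
    """Encode a value before echoing it into HTML text or a quoted attribute."""
    return html.escape(value, quote=True)

def check_request(target):
    """Flag parameters of one request target (path?query) that fail the allowlist
    or would change under HTML encoding, i.e. carry markup a page could reflect."""
    parts = urlsplit(target)
    if parts.path not in ADVISORY_ENDPOINTS:
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if not validate_param(name, value):
            findings.append((name, "rejected by allowlist"))
        elif render_reflected(value) != value:
            findings.append((name, "contains HTML metacharacters"))
    return findings

# Constructed sample request targets (not from the advisory), as an access log might show them.
SAMPLE_REQUESTS = [
    "/admin/systemIronMail.do?hostName=mail01&domainName=example.com&dns1=192.0.2.53",
    "/admin/systemIronMail.do?hostName=%3Cscript%3Ealert(1)%3C%2Fscript%3E&dns1=192.0.2.53",
    "/admin/systemBackup.do?password=p%40ss%22word&confirmPassword=p%40ss%22word"]
```

Running `check_request` over each entry of `SAMPLE_REQUESTS` returns no findings for the first, a rejected `hostName` for the second, and both password fields flagged for HTML metacharacters in the third; requests to paths outside the advisory's list are ignored.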